Building Telephony Systems with OpenSER

Book Image

Building Telephony Systems with OpenSER

Book Image

Building Telephony Systems with OpenSER

Overview of this book

Building Telephony Systems with OpenSER

Building Telephony Systems with OpenSER

Credits

About the Author

About the Author

About the Reviewers

About the Reviewers

Preface

Free Chapter

Introduction to SIP

Introduction to SIP

Server Operating as a SIP Proxy

Server Operating as a SIP Redirect

SIP Transactions and Dialogs

The SIP Protocol and the OSI Model

The VoIP Provider "Big Picture"

Where You Can Find More Information

The SIP Express Router

The SIP Express Router

What is the SIP Express Router?

What Software to Use, SER or OpenSER?

Usage Scenarios

OpenSER Architecture

SIP Proxy—Expected Behavior

Stateful Operation

Differences between Strict Routing and Loose Routing

Understanding SIP and RTP

OpenSER Installation

OpenSER Installation

Hardware Requirements

Software Requirements

Lab—Installing Linux for OpenSER

Downloading and Installing OpenSER v1.2

Lab—Running OpenSER at the Linux Boot

OpenSER v1.2 Directory Structure

Startup Options

OpenSER Standard Configuration

OpenSER Standard Configuration

Analyzing the Standard Configuration

Using the Standard Configuration

Adding Authentication with MySQL

Adding Authentication with MySQL

The AUTH_DB Module

The REGISTER Authentication Sequence

The Openserctl Shell Script

The Functions check_to() and check_from()

Handling CANCEL requests and retransmissions

Full Script with All the Resources Above

Lab—Enhancing the Security

Lab—Using Aliases

Building the User Portal with SerMyAdmin

Building the User Portal with SerMyAdmin

Connectivity to the PSTN

Connectivity to the PSTN

Lab—Using Asterisk as a PSTN Gateway

Using LCR (Least Cost Routes)

Securing re-INVITES

Blacklists and "473/Filtered Destination" messages

Call Forward and Voice Mail

Call Forward and Voice Mail

Call Forwarding

Implementing Call Forward on Busy or nanswered

Inspecting the Configuration File

Lab—Testing the Call Forward Feature

SIP NAT Traversal

SIP NAT Traversal

Solving the SIP NAT Traversal Challenge

Handling REGISTER Requests behind NAT

Handling INVITE Messages behind NAT

Handling the Responses

MediaProxy Installation and Configuration

openser.cfg Analysis

Lab Using MediaProxy for NAT Traversal

OpenSER Accounting and Billing

OpenSER Accounting and Billing

Installation of FreeRADIUS and CDRTool

Using CDRTool for Rating

CDRTool Architecture

How CDRTool Rates a Call

Troubleshooting Tools

Troubleshooting Tools

Packet Capture and Trace Tools

After Words

What's New in Version 1.2.3

Migration from 1.2.2 to 1.2.3 and 1.3.1

Migrating the Script from Chapter 10 to openser 1.3.1

Areas for Further Investigation

TLS Transport Layer Security

Common Mistakes

Forum and Training

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Securing re-INVITES

Now that we are connected to the PSTN it is important to take care of some security considerations. Re-INVITES are being processed under the loose route section. These re-INVITES are not being challenged for its credentials. To enhance the security add the script below to your loose_route section. If the request is sequential (has_totag()) it need to have a ROUTE header. If it does not have (checked by the function loose_route()) we will discard the request with an error type "404, Not Here". Check the file openser.chapter7-3 if you have any doubt.

if (has_totag()) {
		# sequential request withing a dialog should
		# take the path determined by record-routing
		if (loose_route()) {
	           #Check authentication of re-invites
	           if(method=="INVITE" && (!allow_trusted())) {	
                      if (!proxy_authorize("","subscriber")) {
	                   proxy_challenge("","1");
	                   exit;
	               } else if (!check_from()) {...